openswan主要配置檔案
/etc/ipsec.secrets 用來儲存private rsa keys 和 preshared secrets (psks)
/etc/ipsec.conf 配置檔案(settings, options, defaults, connections)
openswan主要配置目錄
/etc/ipsec.d/cacerts 存放x.509認證證書(根證書-"root certificates")
/etc/ipsec.d/certs 存放x.509客戶端證書(x.509 client certificates)
/etc/ipsec.d/private 存放x.509認證私鑰(x.509 certificate private keys)
/etc/ipsec.d/crls 存放x.509證書撤消列表(x.509 certificate revocation lists)
/etc/ipsec.d/ocspcerts 存放x.500 ocsp證書(online certificate status protocol certificates)
/etc/ipsec.d/passwd xauth密碼檔案(xauth password file)
/etc/ipsec.d/policies 存放opportunistic encryption策略組(the opportunistic encryption policy groups)
openswan支援許多不同的認證方式,包括rsa keys、pre-shared keys、xauth、x.509證書方式。
下面描述x.509證書認證。下面分別描述如何配置:
客戶端:
conn host-host-example
left=192.168.1.100
leftid=@left
right=192.168.1.110
rightid=@right
auto=start
服務端:
conn host-host-example
left=192.168.1.110
leftid=@right
right=%any
rightid=@left
auto=start
road配置的關鍵是制定leftid和righid,對端指向正好相反
# rsakey aqnu21vds
leftcert=client.crt
# rsakey aqnwos/ga
rightcert=server.crt
php phpStorm xdebug配置方法
2.配置php.ini,在末尾加上。xdebug zend extension php xdebug 2.3.3 5.6 vc11.dll xdebug.remote enable on xdebug.remote handler dbgp xdebug.remote host localhost ...
ha 配置ssl haproxy ssl 配置方式
haproxy ssl 有兩種方式 1 haproxy 本身提供ssl 證書,後面的web 伺服器走正常的http 2 haproxy 本身只提供 後面的web伺服器https 第一種方式 需要編譯haproxy 支援ssl,編譯引數 make target linux26 use openssl ...
Python IDLE(shell清屏配置方法)
具體操作如下 1.複製下面 clear window extension version 0.2 author roger d.serwy roger.serwy gmail.com date 2009 06 14 it provides clear shell window under optio...